CVE-2022-36640

Source
https://ubuntu.com/security/CVE-2022-36640
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-36640.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-36640
Aliases
Withdrawn
2025-06-23T15:55:04Z
Published
2022-09-02T21:15:00Z
Modified
2023-12-06T01:02:30.327514Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

* DISPUTED * influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."

References

Affected packages

Ubuntu:Pro:16.04:LTS / influxdb

Package

Name
influxdb
Purl
pkg:deb/ubuntu/influxdb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.9.4+dfsg1-1
0.9.6.1+dfsg1-3
0.10.0+dfsg1-1

Ubuntu:Pro:18.04:LTS / influxdb

Package

Name
influxdb
Purl
pkg:deb/ubuntu/influxdb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.1.1+dfsg1-4
1.1.1+dfsg1-4+deb9u1ubuntu1

Ubuntu:20.04:LTS / influxdb

Package

Name
influxdb
Purl
pkg:deb/ubuntu/influxdb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.4-1build1
1.6.4-1+deb10u1build0.20.04.1
1.6.4-1+deb10u1ubuntu0.1
1.6.4-1+deb10u1ubuntu0.2

Ubuntu:22.04:LTS / influxdb

Package

Name
influxdb
Purl
pkg:deb/ubuntu/influxdb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.7~rc0-1
1.6.7~rc0-1ubuntu0.22.04.1
1.6.7~rc0-1ubuntu0.22.04.2

Ubuntu:24.04:LTS / influxdb

Package

Name
influxdb
Purl
pkg:deb/ubuntu/influxdb

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.7~rc0-2build1
1.6.7~rc0-2ubuntu0.24.04.1